Russia has indeed been sketchy online this year

Cyberattacks originating in Russia accounted for more than half of intrusions tracked by Microsoft since mid-2020, the company said in a report released Thursday.

New report: The findings were detailed in Microsoft’s annual Digital Defense Report. The company said it tracked threat activity from a number of countries, but found that 58 percent of attacks reported by customers originated in Russia, followed by North Korea at 23 percent.

“Over the past year, Russia-based activity groups have solidified their position as acute threats to the global digital ecosystem,” the report states. “They have also shown a high tolerance for collateral damage, which leaves anyone with connections to targets of interest vulnerable to opportunistic targeting.”

The report went on to say that more than 90 percent of the Russian-linked threat activity was carried out by a threat group Microsoft named “Nobelium,” which the company blamed in May for using a U.S. Agency for International Development email marketing account to target hundreds of organizations in two dozen countries, including government agencies.

U.S. hit hard: Microsoft found that the U.S. was the most targeted nation by far, accounting for almost half of attacks between July 2020 and June 2021. By contrast, Ukraine was the second most targeted country, with 19 percent of threat activity aimed within its borders.

Read more about the findings here.

Illustrating the continuing cyber threats linked to Russia, cybersecurity group Mandiant released research Thursday finding that a Russian-speaking cyber criminal group is disproportionately using ransomware attacks to target hospitals and health care groups across North America as the COVID-19 pandemic continues.

Mandiant labeled the group “FIN12,” noting that it has been in existence since at least 2018, but was increasingly hitting organizations in North America with annual revenues of more than $300 million with ransomware attacks.

According to Mandiant, one in five of FIN12’s victims were health care groups, many of which operate hospitals, while other victims have included groups in business services, education, finance, government, manufacturing, retail and technology.